docs: add remediation guidance for unpinned pip installs

[D9mond]

What kind of change does this PR introduce?

Type: docs

This PR adds remediation guidance for unpinned pip installs.

• PR title follows the guidelines defined in our pull request documentation

What is the current behavior?

Unpinned pip install commands are detected by the Pinned-Dependencies check, but no remediation guidance is provided to users.

What is the new behavior (if this is a feature change)?

When an unpinned pip install command is detected, the result now includes a remediation message suggesting:

• Using --require-hashes

• Using hashed lockfiles

• Generating hashed requirements with pip-tools

• Following pip secure install best practices

• Tests for the changes have been added (for bug fixes/features)

Which issue(s) this PR fixes

Fixes #10871

Special notes for your reviewer

This change mirrors the remediation pattern already implemented for NuGet, providing more actionable guidance for Python users.

Does this PR introduce a user-facing change?

Yes. It adds remediation guidance for unpinned pip install commands in the Pinned-Dependencies check output.

Adds remediation guidance for unpinned `pip install` commands in the Pinned-Dependencies check output.

[D9mond]

Please let me know if any adjustments or additional tests are required.
Happy to iterate on this.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 69.70%. Comparing base (353ed60) to head (c67d739).
⚠️ Report is 320 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #4946      +/-   ##
==========================================
+ Coverage   66.80%   69.70%   +2.89%     
==========================================
  Files         230      251      +21     
  Lines       16602    15668     -934     
==========================================
- Hits        11091    10921     -170     
+ Misses       4808     3873     -935     
- Partials      703      874     +171     

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[spencerschrock]

/scdiff generate Pinned-Dependencies

[github-actions]

Here's a link to the scdiff run

[D9mond]

I force-pushed to update the commit message and add DCO sign-off. DCO is now passing. Could a maintainer please approve and run the remaining workflows?